Electronic payment application system and payment authorization method

ABSTRACT

The system contains a virtual POS terminal&#39;s unit in the user&#39;s personal device. The mobile communication device ( 1 ) contains a virtual POS terminal&#39;s unit ( 4 ) and also a removable memory card ( 3 ), on which there are at least two physically separate secure elements ( 2 ) stored. The removable memory card ( 3 ) is connected to the secure element ( 2 ) containing the secured part of the virtual POS terminal. The mobile communication device ( 1 ) and/or the separate portable element ( 6 ) is adjusted in such a way to be able to connect to a remote payment procession server. The removable memory card ( 3 ) and the separate portable element ( 6 ) can be equipped with the NFC communication element. Depending on the user choice, a corresponding secure element ( 2 ) with the selected payment card unit ( 14 ) is activated on the removable memory card ( 3 ). The user&#39;s payment card&#39;s identification data are supplemented by the payment receiver&#39;s identification data and also by a one-time password that was created in the one-time password unit.

CROSS-REFERECE TO RELATED APPLICATIONS

This application is the National Stage of International Application No. PCT/IB2009/054101 filed Sep. 18, 2009 which claims the benefit of Slovak Application No. PP 5086-2008, filed Sep. 19, 2008, the disclosures of which are incorporated herein by reference in their entirety.

FIELD OF THE INVENTION

The invention refers to the electronic payment application system, concentrating on the payments realized through a mobile communication device, such as a mobile phone. The invention also describes the way the electronic payment is realized and authorized.

BACKGROUND OF THE INVENTION

The POS (point of sale) terminals are commonly used to process electronic payments realized through various payment cards. The POS terminals are connected to the payment processor. There exist payment systems which encompass a POS terminal operated by a merchant as a receiver of the payment.

The invention as in CN1450782 patent file describes a cooperation between a mobile phone and a POS terminal, however it does not deal with specific hardware implementation that would ensure the required security of payment applications. Also, there exist such implementations as in CN101136123, according to which the mobile phone can be used for password entering; however the mobile phone does not have the function of being a POS terminal itself.

The solution as in US2002/0147658 A1 describes some relations between the members of the electronic payment process; however it does not deal with the technical organization of individual elements. Other similar inventions as in WO 03/012717 A1 and US2007/0106564 A1 propose the way of organizing the elements, but they do not deal with specific technical implementation that would ensure the courses of payment operations to be secure enough. The invention as in WO 2008/105703 describes the participation of a mobile phone in the communication with a POS terminal; however it does not deal with the storage of payment card data in the mobile phone that would be secure enough. Some possibilities of communication between the POS terminal and the mobile phone are also described in other patent files such as IE 980562, U.S. Pat. No. 6,450,407 B1 and GB 2432031A. These, however, do not offer a configuration that could be comfortably used for securing the payment application.

Up-till present there are no such technologies known, that would enable to create personal portable POS terminals from commonly available devices, such as the mobile phones. The existing relations between the processor of electronic payments over the POS terminal and the banks could not be fully used to process payments from developing internet commerce, in case the internet shop itself was not equipped with the POS terminal.

SUMMARY OF THE INVENTION

The deficiencies mentioned are to a large extent eliminated by the electronic payment application system that consists of a secure element, a payment procession server, a mobile communication device with a display and a keyboard, such as a mobile phone as described by this invention. The subject matter of the mobile phone is based on the fact that the mobile communication device is equipped with a virtual POS terminal unit. The POS terminal functions are incorporated into a device that is at the sole disposal of the user, and not the merchant as it is known from existing solutions. The secure element with an encryption unit and a data storage unit can be placed within the mobile communication device, such as a mobile phone or it can be placed to a separate portable element in the form of a USB key. The USB key is connected to a personal computer through a USB connector. The mobile communication device also contains a removable memory card e.g. of the common microSD format. On the removable memory card there are at least two physically separate secure elements and the removable memory card is connected to the managing unit of the virtual POS terminal. The placement of the secure elements onto the removable memory card creates a precondition that enables to extend the possibilities of existing phones with a slot for insertion of the memory card. The important characteristic of the configuration described here is the hardware, physical separation of the secure elements; a solution which enables to store data of payment cards that belong to various financial institutions in a reliable, secure way. In the solution mentioned, the removable memory card can encompass various payment card's functions and according to the number of secure elements, it can even contain a secure area into which personal data or similar can be stored. The secure elements on the removable memory card are connected to a managing unit that switches the secure element into an active mode. The managing unit always activates the secure element with a chosen payment card data.

The device that carries the secure element with the encryption unit and with the data storage unit is adjusted in such a way to be able to connect to the payment procession server. On the payment processor side, the system and the related elements are organized in the same way as they are in the existing common payments realized through the POS terminals maintained by the merchants.

The encryption unit and the data storage unit form a secured part of the virtual POS terminal that is located in the secure element. Within the electronic payment application system here described, these units can be located on the printed circuit board of the mobile communication device's hardware or in a separate portable element that is adjusted for connection to a personal computer. In the first case, the transmission channel between the removable memory card and the virtual POS terminal's managing unit is the contact one and is created by conductive paths of the mobile communication device's hardware. In the second case the transmission channel between the separate portable element and the removable memory card is contactless. This basic configuration enables to create a POS terminal directly in each user's mobile communication device, such as a mobile phone. Using the system described, the user will be able to pay in a contactless way using his phone or a phone that communicates with his personal computer. Since this solution will cause the number of POS terminals to increase diametrically and since the POS terminals will not be operated only by the merchants, but basically by each user of a mobile phone, it would be suitable, if the payment communication between the virtual POS terminal and the payment procession server went first through an intermittent unit, the output of which will be sent to the payment procession server. Individual payments from a large number of individual virtual POS terminals will be the inputs for the intermittent unit. It can be supposed that one virtual POS terminal will have a smaller number of payments. The output from the intermittent unit will consist of the received payments' summary in a batch form. The output will be similar to the existing situation, when one POS terminal operates payment processes for various paying customers.

In one secure element on the removable memory card there is a one-time password creation unit and at least one other secure element on the removable memory card carries the payment's card data storage unit. The creation of the one-time password increases the security of the payment's authorization and solves the problem with an insufficient acceptability of the mobile phone's keyboard as the secure equipment for PIN entering.

In case the system has the secure element with the virtual POS terminal stored on a separate portable element, it is suitable if the transmission channel between the separate carrier element and the removable memory card is of the NFC type. In order to use even the mobile communication devices that do not have the NFC functionality in the payment processes as described in this invention, the removable memory card can be equipped with the NFC communication element, preferably even with the NFC antenna. The separate carrier element is equipped with the NFC communication element with an antenna. Using this kind of configuration, a mobile communication device, that originally was not equipped with the NFC communication element can be used since it obtains it by inserting the removable memory card into the device For easy manipulation when inserting the memory card with the NFC communication element into the mobile communication's slot, it is proper if the memory card also contains an antenna for the communication with the separate portable element. In principle, however, the NFC antenna can be placed even outside the removable memory card's body.

With respect to the supposed increase in usage of mobile communication devices for realization of payment processes, it is preferable, if the mobile communication device is equipped with a purpose key to run the electronic payment application. This key carries a symbol of the payment, for instance in the form of local currency sign.

The deficiencies in existing technologies are to a large extent eliminated by such a way of payment authorization in which the payment is instantly received by the payment receiver's account; especially the electronic payment realization method using a mobile phone in electronic purchases with these being processed by a remote payment procession server as described in this invention. The subject matter of this invention is based on the fact that the managing unit activates a corresponding secure element with a chosen payment card unit on the removable memory card, all in accordance with the user's choice. The user's payment card identification data are supplemented with the payment receiver's identification data and also with a one-time password that was generated from the entered PIN in the one-time password creation unit. All these data are electronically signed and subsequently the electronically signed data are sent either directly or through data storage unit to the payment procession server. It is preferable, if the electronically signed data are encrypted in the encryption unit within the virtual POS terminal before they are sent to the payment procession server.

The procession process as described above is different from existing processes on the POS terminal also in the fact that the POS terminal in its virtual form is not held by the receiver of the payment but on the contrary by the user paying for the goods and services. And so the payment is not accepted for the benefit of the given POS terminal's default account. For the reason given, the POS terminal processes also the receiver's identification data, according to which a corresponding account to which the payment should be sent to, is assigned on the payment procession server. The receiver's account itself can be an identification data. The electronically signed data are encrypted in the encryption unit that is incorporated into the secure part of the virtual POS terminal before being sent to the payment procession server.

After a successful payment, a unique transaction number confirming the realization of the payment is received from the payment procession server by the virtual POS terminal's managing unit in the mobile communication device.

On the beginning of the payment process, the virtual POS terminal's managing unit in the mobile communication device receives the payment receiver's identification data, so the payment could be routed correctly. Preferably, this data transfer can be processed through the payment procession server's cooperation with the payment receiver's internet shop. In case the separate portable element is used, it is preferable, if the transmission channel between the separate portable element and the removable memory card is of contactless type, preferably on the NFC communication platform.

In terms of preserving the statistical structure of data that are coming to the payment procession server and taking into the consideration that the number of POS terminals was substantially increased, it is suitable, if the electronically signed data are sent to the payment procession server over the intermittent unit, which centralizes connections to several virtual POS terminal's units.

The system and the method described enable comfortable and secure electronic payments. The user himself disposes of the virtual POS terminal that is capable of processing payments which are heading to different money accounts.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention is explained in more detail in FIGS. 1 and 2. FIG. 1 illustrates an implementation scheme of a system with a mobile communication device which contains a secure element with an encryption unit and a data storage unit.

FIG. 2 illustrates a system with a separate portable element that is connected to a personal computer through an USB connector. An intermittent unit is placed in front of the payment procession server.

REALIZATION EXAMPLES Example 1

The system contains a mobile communication device 1 which is the NOKIA 6131 mobile phone. On the hardware board of the mobile communication device 1, there is a secure element 2. In this example, the mobile communication device 1 is also a device in which there is the secure element 2 with secured parts of the virtual POS terminal—an encryption unit 12 and a data storage unit 13. A removable memory card 3 of the microSD type is inserted into the mobile communication device's 1 slot. On the removable memory card 3 with standard parameters, there are stored four secure elements 2. Each of them is physically, hardwarely separate and independent. On the removable memory card 3 there is also a managing unite used to switch a corresponding secure element 2 into an active mode. The managing unit is responsible for exclusive activity of one secure element 2. In one secure element 2 on the removable memory card 3, there is a one-time password creation unit and on the other three secure elements 2 there are the payment card units 14. In this example they belong to three different providers of electronic payment procession, such as VISA, EC/MC, and LGM. The secure element 2 with a secured part of the virtual POS terminal contains the encryption unit 12 and the data storage unit 13. The removable memory card 3 is connected through its contact to the mobile communication device's 1 printed circuit board and through the conductive paths of the mobile communication device 1 to the virtual POS terminal managing unit 4. The communication between the removable memory card 3 and the secure element 2 with the secured part of the virtual POS terminal is ensured over this contact connection using the ISO7816 protocol. Over the public data network of the provider of the GSM services in the GPRS format, the mobile communication device 1 is adjusted so it can be connected to a remote payment procession server 10. The payment procession server 10 has the same configuration and functions as in the payment system with the standard, stable POS terminals. The payment procession server 10 is also connected to databases 11 of financial institutions, such as banks, which subtract the payments that were effectuated and associated with a specific client from the respective client's account.

The internet shop payment using a mobile communication device 1 with its own secure element 2 on the printed circuit board with the secured parts of the virtual POS terminal proceeds as follows. The user activates the payment application on the keyboard. The mobile communication device 1 is connected to the internet network. Depending on the data that are stored on the removable memory card's 3 separate secure elements 2, the user is offered to effectuate the payment through various payments cards. After the payment card was selected, the managing unit activates the corresponding secure element 2 on the removable memory card 3. After the user requests for the payment to be effectuated, the internet merchant as a receiver of the payment sends a request along with his bank data to the remote payment procession server 10. In response, the merchant receives the unique payment number that is displayed on the customer's display by the internet shop. The identification of the merchant's account is realized over the payment receiver's identification data, to which the payment procession server 10 joins the merchant's bank data. The identification of the merchant's account can also be realized by transmitting the merchant's complete bank identification data in the data flow.

After the request, the user enters the preselected PIN on the mobile communication device's 1 keyboard. This PIN is independent from the PIN that was assigned to the user by the issuer of the payment card; a PIN that is incorporated into the secure element 2 on the removable memory card 3. The PIN preselected by the user can be the same for all the payment cards of his, since it is not dependant on the payment cards' data. The application in the secure element 2 sends the data into the virtual POS terminal managing unit 4 in the same way as if it transmitted data into the standard stable POS terminal. After the correct PIN has been entered, on the display there appears a window with the authorization number. The user enters this authorization number into the internet form. The virtual POS terminal managing unit 4 sends the PIN to the one-time password creation unit 15, which creates one-time password which is then stored in the data storage unit 13. The virtual POS terminal managing unit 4 enters the one-time password and the transaction number into active, selected secure element 2 with the corresponding payment card unit 14, where the user's bank data are added to them. At this moment the data file that consists of the user's payment card identification data, the payment receiver's identification data and the one-time password, is signed. The virtual POS terminal managing unit 4 sends the data to the encryption unit 12 and being encrypted the data are sent over GPRS network to the payment procession server 10. There the signature is verified and the payment's card password is checked. The payment is processed as a payment effectuated through a virtual payment card over the virtual POS terminal and as a payment without PIN, since the PIN was already verified by the one-time password creation unit. In case the payment is authorized, an authorization code in the form of a unique transaction number is generated on the payment procession server 10. This coded is added to other payment data in the server's database. In the same time the unique transaction number is sent over the GPRS network to the virtual POS terminal managing unit 4 in the mobile communication device 1. In this example, the authorization code is displayed on the mobile communication device's 1 display; the user enters it into the corresponding window of the internet shop. The internet merchant, using his own transmission channel, sends the transaction coded and the authorization coded to the payment procession server 10. The internet merchant informs the user of the result of the verification. In case the verification was affirmative, the payment is finished by the command being sent from the payment procession server 10 to the corresponding database 11 of the financial institution. There the user's account is debited by the effectuated payment.

Example 2

In this example, a device that carries the secure element 2 with secured parts of the virtual POS terminal is a separate portable element 6 with a USB connector. The transmission channel 5 between the separate portable element 6 and the removable memory card 3 is contactless. The separate portable element 6 is equipped with a NFC communication element 7 with an antenna 8. The removable memory card 3 is equipped with a NFC communication element 7 including the NFC antenna 8. The mobile communication device 1 is equipped with a purpose key to run an electronic payment application. This key carries a EURO currency symbol on it.

The mobile communication device 1 contains a virtual POS terminal's managing unit that is connected to the removable memory card 3. On the removable memory card 3 there are three physically separate secure elements 2. The removable memory card 3 is connected to the secure element 2 on the separate portable element 6 over the virtual POS terminal's managing unit 4 and over the NFC communication. The separate portable element 6 is adjusted in such a way to be able to connect to a remote payment procession server 10 using a personal computer. The separate portable element 6 is connected to the personal computer by being inserted into the USB connector. In front of the payment procession server 10, there is the intermittent unit 9.

The intermittent unit 9 is maintained by the payment system manager that also ensures the connection between the intermittent unit 9 and the payment procession server 10. After the user activates the payment process, the internet merchant sends a requirement along with his bank data to the procession server. In response, he receives a unique transaction number, which the internet shop sends to the separate portable element 6 over USB port. By pressing the purpose key with the EURO sign, the user confirms the payment process. The virtual POS terminal's managing unit 4 in the mobile communication device 1 recognizes that it is a payment over a personal computer with a separate portable element 6 attached and proceeds in a different way then in the example 1. The virtual POS terminal's managing unit 4 requires the user to enter PIN for the one-time password to be generated and then stores the one-time password to the secure element 2 on the removable memory card 3. The virtual POS terminal's managing unit 4 requests the user to approach his mobile communication device 1 to a separate portable element 6. After this the transaction number is transmitted over NFC communication into the secure element 2 on the removable memory card 3. There the data are supplemented with the user's bank data. All the data are signed by the card and sent into the separate portable element 6, which sends them to the payment procession server 10. There the signature is verified, the password is checked and the payment is authorized. The payment is processed as a payment over a virtual card on the virtual POS and as a payment without PIN, since the PIN was already verified over the one-time password creation unit 15.

In case of the affirmative authorization, the payment procession server 10 generates the authorization code that is sent to the managing unit 4 in the mobile communication device 1, where it is displayed on the display or eventually even on the personal computer's monitor. The user enters, resp. copies the authorization code into the corresponding window of the internet shop. The internet shop sends the transaction code and the authorization code to the procession server to be verified and informs the user about the result.

INDUSTRIAL APPLICABILITY

The industrial usability is obvious. According to this invention it is possible to create and use electronic payment application system, in which the user uses a mobile communication device as a payment instrument. The user disposes of his own POS terminal that is incorporated into the mobile communication device or that is encompassed in the connection of this mobile communication device with a separate portable element.

LIST OF RELATED SYMBOLS

-   -   1—a mobile communication device     -   2—a secure element     -   3—a removable memory card     -   4—a virtual POS terminal's managing unit     -   5—a transmission channel     -   6—a separate portable element     -   7—a NFC communication element     -   8—an antenna     -   9—an intermittent unit     -   10—a payment procession server     -   11—a database belonging to a financial institution     -   12—an encryption unit     -   13—a data storage unit     -   14—a payment card unit     -   15—a one-time password creation unit 

The invention claimed is:
 1. An electronic payment applications system, comprising: a remote payment processing server; a mobile communication device comprising a display, a keyboard, a managing block for a virtual point-of-sale (POS) terminal, and a removable memory card; and at least two physically separate secure elements that are connected to the managing block, wherein a secured part of the virtual POS terminal is located in one of the secure elements and is connected to the managing block, wherein the secure elements are located on the removable memory card or in a separate portable element that is linked to the mobile communication device, and wherein at least one of the mobile communication device and the separate portable element is adapted to be connected to the remote payment processing server.
 2. The electronic payment applications system of claim 1, wherein the secured part of the virtual POS terminal includes an encryption block and a data storage block.
 3. The electronic payment applications system of claim 1, wherein the managing block is adapted to switch the secure elements into an active mode.
 4. The electronic payment applications system of claim 1, wherein the mobile communication device includes a printed circuit board, and the secure element with the secured part of the virtual POS terminal is on the printed circuit board, the system further comprising an electrically conductive transmission channel between the removable memory card and the secured part of the virtual POS terminal and the managing block formed by conductive paths in the mobile communication device.
 5. The electronic payment applications system of claim 1, wherein the secure element with the secured part of the virtual POS terminal is located in the separate portable element, and the separate portable element is adapted to be connected to a computer, the system further comprising a contactless transmission channel between the separate portable element and the removable memory card.
 6. The electronic payment applications system of claim 5, wherein the transmission channel between the separate portable element and the removable memory card is a near-field communication (NFC) channel.
 7. The electronic payment applications system of claim 6, wherein the removable memory card is equipped with a first NFC element including a first antenna, and the separate portable element is equipped with a second NFC element including a second antenna.
 8. The electronic payment applications system of claim 1, further comprising an intermittent block that centralizes connections to a plurality of virtual POS terminal blocks.
 9. The electronic payment applications system of claim 1, wherein at least one of the secure elements on the removable memory card includes a one-time password creation block, and at least one other secure element includes a payment card block.
 10. The electronic payment applications system of claim 1, wherein the mobile communication device includes a purpose key to run a direct debit application, and the key carries a payment symbol thereon.
 11. A payment authorization method for realizing a payment to an internet shop via a mobile communication device, the payment being processed on a remote payment processing server, the method comprising: activating, according to a user selection, a corresponding secure element having a payment card block on a removable memory card or separate portable element associated with the mobile communication device; adding to payment card identification data associated with the user, a payment receiver's identification data and a one-time password generated from a personal identification number (PIN) entered in a one-time password block on the removable memory card; the removable memory card electronically signing the payment receiver's identification data and one-time password; and the removable memory card sending the electronically signed payment receiver's identification data and one-time password to the payment processing server.
 12. The payment authorization method of claim 11, further comprising providing to a managing block of a virtual point-of-sale (POS) terminal in the mobile communication device a unique transaction number confirming that a payment was effectuated.
 13. The payment authorization method of claim 11, further comprising providing the payment receiver's identification data to a managing block of a virtual point-of-sale (POS) terminal in the mobile communication device at the beginning of the payment process.
 14. The payment authorization method of claim 11, further comprising encrypting the electronically signed payment receiver's identification data and one-time password in an encryption block in a secured part of a virtual point-of-sale (POS) terminal before the electronically signed payment receiver's identification data and one-time password are sent to the payment processing server.
 15. The payment authorization method of claim 11, wherein a contactless transmission channel is defined between the separate portable element and the removable memory card.
 16. The payment authorization method of claim 11, wherein the electronically signed payment receiver's identification data and one-time password are sent to the payment processing server via an intermittent block that centralizes connections to a plurality of virtual POS terminal blocks.
 17. A mobile communications device for use in an electronic payment applications system, the mobile communication device comprising: a managing block for a virtual point-of-sale (POS) terminal, and a removable memory card, wherein on the removable memory card there are located at least two physically separate secure elements that are connected to the managing block, a secured part of the virtual POS terminal is located in one of the secure elements and is connected to the managing block, and the mobile communication device is adapted to be connected to a remote payment processing server.
 18. The mobile communication device of claim 17, wherein the secured part of the virtual POS terminal includes an encryption block and a data storage block.
 19. The mobile communication device of claim 17, wherein the secure elements are connected to the managing block, and the managing block is adapted to switch the secure elements into an active mode.
 20. The mobile communication device of claim 17, wherein at least one of the secure elements includes a one-time password creation block, and at least one of the secure elements includes a payment card block. 